What is Port Address Translation (PAT)?

Port Address Translation (PAT) is a type of Network Address Translation (NAT), which translates communications between devices on a private network and devices on a public network.

PAT is also known as port overloading, overloaded NAT, port-level multiplexed NAT or single address NAT.

So How Does Port Address Translation (PAT) Work?

Last week I used a picture similar to the one below to illustrate how Network Address Translation (NAT) works.

This is the typical setup for a home network. Our computers are connected to a cable modem or router, which in turn is connected to our ISP.

Although I told you that our router was using Network Address Translation (NAT) to route the traffic between our PC and the Internet, I did not mention that we were actually using Port Address Translation (PAT) to send packets from one side to another.

Port Address Translation (PAT) allows multiple devices on a private network to be mapped to a single public IP address, which in the example above is 8.1.4.20, the IP address assigned by our ISP.

When our computer (192.168.1.11) connects to a web server on the Internet, the router running Port Address Translation (PAT) will do the following:

Assign a port number to our computer.

Store the computer’s IP address and assigned port number in its translation table.

Replace the private IP address with the public one.

Assign an external port number.

Add the external IP address and port number to its translation table.

Rewrite the IP header of the outbound packet with the public IP address and assigned port number.

Send the packets to the host on the Internet.

Then when the host on the Internet replies back, our router will:

Read the packet received from the external device.

Use the external port number and look for a match on its translation table.

Rewrite the IP header of the incoming packet with the internal corresponding IP address and port number.

Send the packet to the internal network.

It looks easy, right?

In the example above, I described only one computer communicating with a web server on the Internet, using one port.

The reality is much more complex.

Most likely we will have multiple devices (computers, iPhones, PCs, TVs, TiVo, etc.) connected to our internal network and all these devices may be connecting to many other devices on the Internet, using several ports.

For example, your computer may be checking email on port 993 while you listen to Pandora over HTTP on port 80, and Skype may be running in the background, listening on port 37572.

As you can see, one device may be connecting to multiple devices and services on the Internet at the same time, while another device is connecting to other devices using completely different ports.

It’s up to our router to keep its translation table updated and to rewrite incoming and outgoing packets with new header information.

The Translation Table

A translation table may look like this:

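| Outside Global (IP Address:Port) | Inside Global (IP Address:Port) | Inside Local (IP Address:Port) |
|----------------------------------|---------------------------------|--------------------------------|
| 74.125.227.206:80                | 8.1.4.20:1450                   | 192.168.1.10:1450              |
| 173.194.64.108:993               | 8.1.4.20:1510                   | 192.168.1.10:1510              |
| 74.125.227.206:80                | 8.1.4.20:1600                   | 192.168.1.11:1600              |
| 173.194.64.108:25                | 8.1.4.20:1620                   | 192.168.1.12:1620              |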

Let’s try to understand what is going on.

The user on computer 192.168.1.10 is doing a search at www.google.com (74.125.227.206). As you know, the web browser will connect to Google using the HTTP protocol on port 80.

You can see that in the translation table, in the Outside Global column, the IP address and port number are 74.125.227.206:80.

Now, what most people don’t realize is that even though your destination is on port 80, your router will assign a random port number to your computer and keep tabs on it by using the translation table.

In this example, our computer has been assigned to port 1450 by the router: 192.168.1.10:1450.

Why?

Well, look once again at the translation table.

You will notice that both 192.168.1.10 and 192.168.1.11 are going to the same destination, the web server 74.125.227.206:80. Most likely both computers are running completely different searches on www.google.com.

Notice, however, that each computer has a distinct internal port number assigned by the router, so that it can track the incoming and outgoing packets between the hosts and deliver them to the correct devices. This is one of the mechanisms that allow multiple PCs on your home network to use the same resources on the Internet and still get reliable results while communicating with multiple resources and ports at the same time.
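The outbound and inbound steps listed earlier, and the translation table above, can be modeled in a few lines of Python. This is an added example, not code from the original article or from any router: the PatRouter class, its collision policy (take the next free port from 1024 up), the check that a reply comes from the recorded outside host, and the 203.0.113.5 address are assumptions made for illustration, and TCP/UDP are not distinguished.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "8.1.4.20"  # inside global address used in the article


@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    # external port -> (inside local ip, inside local port, outside ip, outside port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing packet; return its rewritten (source, destination)."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for ext_port, entry in self.table.items():
            if entry == flow:  # flow already has a mapping: reuse it
                return (self.public_ip, ext_port), (dst_ip, dst_port)
        # Keep the host's source port when it is free (as in the article's
        # table); otherwise take the lowest unused port (assumed policy).
        ext_port = src_port
        if ext_port in self.table:
            ext_port = next(p for p in range(1024, 65536) if p not in self.table)
        self.table[ext_port] = flow
        return (self.public_ip, ext_port), (dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet sent to public_ip:dst_port; None means drop."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # no table entry: unsolicited traffic is not forwarded
        in_ip, in_port, out_ip, out_port = entry
        if (src_ip, src_port) != (out_ip, out_port):
            return None  # assumed policy: only the recorded outside host may reply
        return (src_ip, src_port), (in_ip, in_port)


def demo():
    """Rebuild the article's four table rows, then add a constructed collision."""
    r = PatRouter()
    r.outbound("192.168.1.10", 1450, "74.125.227.206", 80)
    r.outbound("192.168.1.10", 1510, "173.194.64.108", 993)
    r.outbound("192.168.1.11", 1600, "74.125.227.206", 80)
    r.outbound("192.168.1.12", 1620, "173.194.64.108", 25)
    # Constructed case: a second host happens to use source port 1450 as well.
    clash = r.outbound("192.168.1.12", 1450, "74.125.227.206", 80)
    return r, clash
```

Calling demo() returns the populated router and the translation chosen for the colliding flow; a packet arriving on a public port with no table entry is dropped, which is why hosts behind PAT are not directly reachable from outside without an existing mapping.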

Wrapping Up

Port Address Translation (PAT) is a type of Network Address Translation (NAT) that is prevalent on both home and corporate networks. It is important to understand how routers use their translation tables to deliver traffic between networks and what that means when you are troubleshooting connectivity issues.

Resource List

Below is a list of links to important concepts and information that you should be familiar with.